What is corporate account takeover?
Corporate account takeover is a form of corporate identity theft where cyber thieves gain access to a business’s computer system to steal confidential banking information. The crime is typically committed through the use of malware that obtains Corporate Online Banking account information and then engages in fraudulent transfers of funds. As a result of this type of evolving electronic crime, businesses of all sizes and locations have suffered substantial monetary loss.
How does it happen?
The most common way a fraudster gains access to your business online account information is through Business E-mail Compromise (BEC). BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer or online payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
Most victims report using wire transfers as a common method of transferring funds for business purposes; however, some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices.
There has been an increase in the number of reported computer intrusions linked to Business E-mail Compromise scams. These intrusions can initially be facilitated through a phishing scam in which a victim receives an e-mail from a seemingly legitimate source that contains a malicious link. The victim clicks on the link, and it downloads malware, allowing the actor(s) unfettered access to the victim’s data, including passwords or financial account information. Malware includes: computer viruses, worms, Trojan horses, spyware, dishonest adware, crimeware, and most rootkits.
Victims report being contacted by fraudsters, who typically identify themselves as lawyers or representatives of law firms and claim to be handling confidential or time-sensitive matters. This contact may be made via either phone or e-mail. Victims may be pressured by the fraudster to act quickly or secretly in handling the transfer of funds. This type of Business E-mail Compromise scam may occur at the end of the business day or work week or be timed to coincide with the close of business of international financial institutions.
Victim reporting indicates criminal actors are starting to follow up on wire transfer requests by calling to confirm the transactions or to comply with wire transfer protocols, thus making the transaction appear more legitimate.
How do I protect my business?
Raised awareness of the BEC scam will help your business detect the scam before sending payments to the fraudsters. The following tips can aid you in protecting your business:
- Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail. For example, legitimate e-mail of abc_company.com would flag fraudulent e-mail of abc-company.com.
- Register all company domains that are slightly different than the actual company domain.
- Verify changes in vendor payment location by adding additional two-factor authentication such as having a secondary sign-off by company personnel.
- Confirm requests for transfers of funds. When using phone verification as part of the two-factor authentication, use previously known numbers, not the numbers provided in the e-mail request.
- Know the habits of your customers, including the details of, reasons behind, and amount of payments.
- Carefully scrutinize all e-mail requests for transfer of funds to determine if the requests are out of the ordinary.
- Install and maintain spam filters on all computers.
- Install security updates on operating systems and all applications as they become available.
- Perform a scan once per month.
- Note changes in performance – dramatic loss in speed, computer locks up, unexpected rebooting, unusual pop-ups, etc.
- Surf the internet responsibly.
- Block pop-ups.
- Do not use public internet access points.
- Be on the alert for suspicious emails and never open attachments from unidentified emails.
- Review accounts daily.
- Train all of your employees on how to identify suspicious emails.
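One way to implement the look-alike domain check from the first tip above, shown as an added Python example that is not part of the bank's original guidance. The function names, the character map and the edit-distance threshold of 2 are assumptions, and the sender addresses are constructed.

```python
import re

# Characters commonly swapped in look-alike domains (constructed, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "5": "s"})

def sender_domain(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().strip(">").lower()

def skeleton(domain):
    """Collapse separators and look-alike characters so variants compare equal."""
    return re.sub(r"[-_]", "", domain).translate(HOMOGLYPHS).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_lookalike(address, company_domains, max_distance=2):
    """Return a reason string if the sender domain imitates a company domain, else None."""
    domain = sender_domain(address)
    if domain in company_domains:
        return None  # exact match: genuine company domain
    for legit in company_domains:
        if skeleton(domain) == skeleton(legit):
            return f"{domain} differs from {legit} only by separators or look-alike characters"
        d = edit_distance(domain, legit)
        if d <= max_distance:
            return f"{domain} is within {d} edit(s) of {legit}"
    return None

COMPANY = {"abc_company.com"}  # the page's example domain
SAMPLES = [  # constructed sender addresses
    "ap@abc_company.com", "ceo@abc-company.com",
    "billing@abccornpany.com", "news@example.org",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", flag_lookalike(s, COMPANY) or "ok")
```

The same comparison can run in a mail gateway or over exported message headers; messages it flags still need the phone verification described in the tips above before any payment is released.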
What do I do if my business is a victim?
If funds are transferred to a fraudulent account, it is important to act quickly:
- Contact your financial institution immediately upon discovering the fraudulent transfer.
- Request that your financial institution contact the corresponding financial institution where the fraudulent transfer was sent.
- Contact your local Federal Bureau of Investigation (FBI) office if the wire is recent. The FBI, working with the United States Department of Treasury Financial Crimes Enforcement Network, might be able to help return or freeze the funds.
- File a complaint, regardless of dollar loss, with www.IC3.gov.
When contacting law enforcement or filing a complaint with IC3, it is important to identify your incident as “BEC” and also consider providing the following information:
- Originating business name
- Originating financial institution name and address
- Originating account number
- Beneficiary name
- Beneficiary financial institution name and address
- Correspondent bank if known or applicable
- Dates and amounts transferred
- IP and/or e-mail address of fraudulent e-mail
Detailed descriptions of BEC incidents should include but not be limited to the following when contacting law enforcement:
- Date and time of incidents
- Incorrectly formatted invoices or letterheads
- Requests for secrecy or immediate action
- Unusual timing, requests, or wording of the fraudulent phone calls or e-mails
- Phone numbers of the fraudulent phone calls
- Description of any phone contact, including frequency and timing of calls
- Foreign accents of the callers
- Poorly worded or grammatically incorrect e-mails
- Reports of any previous e-mail phishing activity
New Tripoli Bank is taking substantial measures to protect the safety and security of your accounts. If you act today to strengthen security at your end of the internet highway, hijackers will have an even tougher time. Stop by your bank to learn more.